2460799 – (CVE-2026-35364) CVE-2026-35364 rust-coreutils: uutils coreutils mv utility: Arbitrary File Overwrite via TOCTOU Race Condition

Bug 2460799 (CVE-2026-35364) - CVE-2026-35364 rust-coreutils: uutils coreutils mv utility: Arbitrary File Overwrite via TOCTOU Race Condition

Summary: CVE-2026-35364 rust-coreutils: uutils coreutils mv utility: Arbitrary File Ov...

Keywords:
Status:	NEW
Alias:	CVE-2026-35364
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2463763 2463764
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-22 17:03 UTC by OSIDB Bzimport
Modified:	2026-04-29 09:59 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-22 17:03:20 UTC

A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit this window to replace the destination with a symbolic link. The subsequent privileged move operation will follow the symlink, allowing the attacker to redirect the write and overwrite an arbitrary target file with contents from the source.

Note You need to log in before you can comment on or make changes to this bug.